Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Transcription:

Building a Self-Defending Border Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS www.cloudsec.com #cloudsec

Building A Defending Borders Protect Your Web-facing Workloads With AWS Security Services SHANE BALDACCHINO 2018 MARCUS SANTOS 2018

Modern Business Challenges Increased Frequency Low Capital Investment Rules and Regulations Disparate Disconnected Systems

Threats facing online assets? There Are Many

OWASP Style Attacks Critical Web Application Security Risks

OWASP - Injection. User Input → Website → Database. User = "Shane" and Pass = "XXXX". SELECT Statement: SELECT * FROM Users WHERE Name = "Shane" AND Pass = "XXXX"

OWASP - Injection. Malicious Actor → Website → Database. User = " or ""=" and Pass = " or ""=". SELECT Statement: SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
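
The two injection slides above, worked through as an added example (not code from the presentation): the slide's statement is built by string concatenation against a constructed in-memory SQLite `Users` table, then repeated with bound parameters. The function names and sample rows are assumptions for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows mirroring the slide's Users(Name, Pass) table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("Shane", "XXXX"), ("Marcus", "YYYY")])
    return db

def login_concatenated(db, user, password):
    # "Before" form shown on the slide: input is pasted into the SQL text,
    # so quote characters in the input become part of the statement.
    # SQLite's default build accepts double-quoted string literals, which
    # matches the quoting used on the slide.
    sql = ('SELECT * FROM Users WHERE Name ="' + user
           + '" AND Pass ="' + password + '"')
    return sql, db.execute(sql).fetchall()

def login_parameterized(db, user, password):
    # Hardened form: the statement text is fixed and input is bound as data,
    # so it can never change the WHERE clause.
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return db.execute(sql, (user, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    slide_input = '" or ""="'  # the value shown on the slide
    sql, rows = login_concatenated(db, slide_input, slide_input)
    print(sql)
    print("concatenated query matched", len(rows), "rows")
    safe = login_parameterized(db, slide_input, slide_input)
    print("parameterized query matched", len(safe), "rows")
```

A WAF rule in front of the application filters this pattern at the border; binding parameters removes the flaw in the application itself, so the two controls complement each other.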

OWASP Style Attacks Critical Web Application Security Risks Hacktivists & Crime Syndicates External Threats

Botnets And DDoS Malicious Actor Control Server Victim Website Bots

How are we fighting these threats today? We Use Controls

Expensive Lack Automation False Positives CapEx Heavy Over Provisioning License Locked Integration Challenges With DevSecOps Models Content Changes Often Require New Rules

Let's make this real.

The Snowy Unicorn Elevator Company N-Tier Architecture ERP and CRM Integration Quickly Growing Limited IT resources

Online Architecture Bastion Host Application Load Balancer Application Load Balancer Amazon Route 53 EC2 instances Auto Scaling Group EC2 instances MySQL DB Availability Zone A MySQL DB Availability Zone B

Kali Linux Designed For Penetration Testing and Security Auditing Contains Several Hundred Tools Available in AWS Marketplace

Architecture Of Attacks - Discovery

Architecture Of Attacks - Crawl

Architecture Of Attacks - OWASP

Architecture Of Attacks - DOS

Architecture Of Attacks - Brute Force

Demo The Snowy Unicorn Elevator Company 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

What's Wrong With Our Architecture? L7 Attacks: Traditional security controls were ineffective. Scale, Cost & Reputation: ASG Elasticity, Network Bandwidth. Visibility: Flew under the radar.

We Need A Smarter Approach And New Tools

AWS Shield. Standard Protection: Available to ALL AWS customers at No Additional Cost. Advanced Protection: Paid service that provides additional, comprehensive protections from large and sophisticated attacks.

Botnets And DDoS Malicious Actor Control Server Victim Website Bots

AWS WAF Comprehensive API Integration Leverage IP Reputation Lists Mitigate OWASP Vulnerabilities

OWASP - Injection. Malicious Actor → Website → Database. User = " or ""=" and Pass = " or ""=". SELECT Statement: SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

Self Defending Borders Putting the Dev in Security (DevSecOps)

Application Requests (Static + Dynamic) Application Load Balancer Amazon CloudFront AWS Shield OWASP Top 10 Protection HTTP Flood Protection AWS WAF IP Whitelist / Blacklist

Application Requests (Static + Dynamic) Access Logs Application Load Balancer Amazon CloudFront AWS Shield Amazon S3 Bucket OWASP Top 10 Protection HTTP Flood Protection AWS WAF IP Whitelist / Blacklist

Application Requests (Static + Dynamic) Access Logs Application Load Balancer Amazon CloudFront AWS Shield Honey Pot Endpoint Amazon S3 Bucket Amazon API Gateway OWASP Top 10 Protection HTTP Flood Protection AWS WAF IP Whitelist / Blacklist

Tight-knit API Driven Platform. Amazon SQS: Fully managed message queue. Amazon CloudWatch: Monitoring for cloud resources. AWS Step Functions: Build distributed applications. Amazon SNS: Highly scalable push messaging. Amazon DynamoDB: NoSQL data store. Amazon API Gateway: Create APIs at scale. Amazon S3: Simple, durable object store. AWS Lambda: Run code without servers.

Application Requests (Static + Dynamic) Access Logs Application Load Balancer Amazon CloudFront AWS Shield Honey Pot Endpoint Amazon S3 Bucket Amazon API Gateway Bad Bot & Scraper Protection AWS WAF OWASP Top 10 Protection HTTP Flood Protection IP Whitelist / Blacklist AWS Lambda Access Handler AWS Step Functions

AWS Lambda Build and run applications without thinking about servers Availability and scalability is managed by AWS Not paying for idle time

AWS Step Functions Start FirstState ChoiceState FirstMatchState SecondMatchState DefaultState NextState End

Security State Machine Start Detected Attack New Attack Type Manual Approval Known Attack Blacklist Router Update WAF BadBot ACL Update EC2 Guest Firewall Update WAF Scraper ACL End

Security State Machine Start Detected Attack New Attack Type Manual Approval Known Attack Blacklist Router N function N function N function Update WAF BadBot ACL Update EC2 Guest Firewall Update WAF Scraper ACL End
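
The security state machine on the slides above, sketched as an Amazon States Language definition with a small local dry run (an added example, not the presenters' workflow). The ARN prefix, function names, the input fields `status` and `attackType`, and the step taken after manual approval are assumptions; the slides show only the state names.

```python
import json

# Placeholder ARN prefix: the slides do not give real function names or ARNs.
ARN = "arn:aws:lambda:REGION:ACCOUNT_ID:function:"

def task(fn, nxt=None):
    """Task state that invokes a (hypothetical) Lambda function."""
    state = {"Type": "Task", "Resource": ARN + fn}
    state.update({"Next": nxt} if nxt else {"End": True})
    return state

def rule(variable, value, nxt):
    return {"Variable": variable, "StringEquals": value, "Next": nxt}

# State names follow the slide. The input fields ($.status, $.attackType) and
# the ManualApproval -> BlacklistRouter transition are assumptions.
DEFINITION = {
    "StartAt": "DetectedAttack",
    "States": {
        "DetectedAttack": {"Type": "Choice", "Default": "ManualApproval",
            "Choices": [rule("$.status", "known", "BlacklistRouter")]},
        "ManualApproval": task("manual-approval", "BlacklistRouter"),
        "BlacklistRouter": {"Type": "Choice", "Choices": [
            rule("$.attackType", "badbot", "UpdateWAFBadBotACL"),
            rule("$.attackType", "host", "UpdateEC2GuestFirewall"),
            rule("$.attackType", "scraper", "UpdateWAFScraperACL")]},
        "UpdateWAFBadBotACL": task("update-waf-badbot-acl"),
        "UpdateEC2GuestFirewall": task("update-ec2-guest-firewall"),
        "UpdateWAFScraperACL": task("update-waf-scraper-acl"),
    },
}

def route(event, definition=DEFINITION):
    """Local dry run: list the states one event would pass through."""
    name, path = definition["StartAt"], []
    while True:
        state = definition["States"][name]
        path.append(name)
        if state["Type"] == "Choice":
            hit = [r["Next"] for r in state["Choices"]
                   if event.get(r["Variable"][2:]) == r["StringEquals"]]
            if not hit and "Default" not in state:
                raise ValueError("no choice matched in " + name)
            name = hit[0] if hit else state["Default"]
        elif state.get("End"):
            return path
        else:
            name = state["Next"]

if __name__ == "__main__":
    print(json.dumps(DEFINITION, indent=2))
    print(route({"status": "new", "attackType": "scraper"}))
```

The router has no default branch, so an unrecognised attack type stops the run instead of silently updating a blocklist.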

Demo The Snowy Unicorn Elevator Company AWS WAF AWS Lambda Amazon API Gateway AWS Step Functions Amazon DynamoDB

Application Requests (Static + Dynamic) Access Logs Application Load Balancer Amazon CloudFront AWS Shield Honey Pot Endpoint Amazon S3 Bucket Amazon API Gateway AWS GuardDuty Bad Bot & Scraper Protection AWS WAF OWASP Top 10 Protection HTTP Flood Protection IP Whitelist / Blacklist AWS Lambda Access Handler AWS Step Functions Amazon CloudWatch Known Attacker Protection AWS Lambda GuardDuty and 3rd Party IP Lists

AWS GuardDuty Generate findings through VPC Log Stream Queries to questionable domains AWS CloudTrail history of AWS calls and user activity

Automating Remediation Detection Report Act Amazon GuardDuty Amazon CloudWatch AWS Platform CloudWatch Event Amazon SNS Amazon SQS AWS Step Functions AWS Lambda

Demo The Snowy Unicorn Elevator Company AWS WAF Amazon API Gateway AWS Lambda AWS GuardDuty AWS Step Functions Amazon DynamoDB

Session Recap AWS WAF Amazon API Gateway AWS Lambda AWS GuardDuty AWS Step Functions Amazon DynamoDB

How To Get Started
AWS Lambda: Product Details - https://aws.amazon.com/lambda/ Tutorial - https://amzn.to/2ijn4bm
AWS Automation: WAF / Lambda Automation - http://amzn.to/2gblvoz Step Functions Workflow - http://amzn.to/2hkpouf
AWS Step Functions: Product Details - https://aws.amazon.com/step-functions/ Tutorial - https://amzn.to/2reskif

Thank you! Shane Baldacchino balshane@amazon.com https://www.linkedin.com/in/shanebaldacchino/ Marcus Santos sntosms@amazon.com https://www.linkedin.com/in/marcus-santos/